Pepperl+Fuchs Industrial Devices Exposed to Critical Vulnerabilities
Germany’s CERT@VDE has issued a security advisory regarding critical vulnerabilities in several Pepperl+Fuchs products. These vulnerabilities, identified as CVE-2024-6422 and CVE-2024-6421, pose significant risks, including information disclosure, denial of service, and device manipulation. The affected devices are widely used in industrial settings, underscoring the need for immediate attention and action.
- CVE-2024-6422 (CVSS 9.8)
This critical vulnerability allows an unauthenticated remote attacker to manipulate the device via Telnet. Exploitation can result in processes being stopped and in data being read, deleted, or changed. With a CVSS score of 9.8, this vulnerability is highly severe and requires immediate remediation.
- CVE-2024-6421 (CVSS 7.5)
This vulnerability allows an unauthenticated remote attacker to read sensitive device information through an incorrectly configured FTP service. With a CVSS score of 7.5, this vulnerability, while less severe than CVE-2024-6422, still poses a significant threat to the integrity and confidentiality of device data.
The following Pepperl+Fuchs devices running firmware versions <= V2.11.0 are affected:
- OIT1500-F113-B12-CB
- OIT200-F113-B12-CB
- OIT500-F113-B12-CB
- OIT700-F113-B12-CB
The impact of these vulnerabilities is substantial. An attacker can exploit these flaws to:
- Read out images, device serial numbers, firmware and OS version numbers, log files, and configurations.
- Stop critical processes.
- Read, delete, and modify data on the device.
Pepperl+Fuchs has analyzed and identified the affected devices. While a permanent fix is being developed, CERT@VDE recommends the following immediate protective measures:
- Minimize Network Exposure: Ensure that affected devices are not accessible via the Internet. This reduces the risk of remote exploitation.
- Isolate Affected Devices: Separate these devices from the corporate network to prevent potential lateral movement by attackers within the organization.
- Secure Remote Access: If remote access is necessary, use secure methods such as Virtual Private Networks (VPNs) to ensure encrypted and authenticated connections.
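To apply these measures, an operator first needs to know which installed units are affected and whether their Telnet and FTP services can be reached from a given network segment. The following is an added example, not code from Pepperl+Fuchs or CERT@VDE: it triages an asset inventory against the model list and firmware threshold above. The CSV layout, the default ports 23 and 21, and the sample hosts and firmware versions are assumptions constructed for illustration.

```python
import csv
import io
import socket

# Model list and firmware threshold (<= V2.11.0) taken from the advisory text.
AFFECTED_MODELS = {"OIT1500-F113-B12-CB", "OIT200-F113-B12-CB",
                   "OIT500-F113-B12-CB", "OIT700-F113-B12-CB"}
LAST_AFFECTED = (2, 11, 0)
# Assumption: the devices expose Telnet and FTP on the standard ports.
SERVICE_PORTS = {"telnet": 23, "ftp": 21}

def parse_version(text):
    """'V2.11.0' -> (2, 11, 0), so that 2.9.3 sorts below 2.11.0."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def is_affected(model, firmware):
    return (model.strip().upper() in AFFECTED_MODELS
            and parse_version(firmware) <= LAST_AFFECTED)

def reachable(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory_csv, probe=reachable):
    """Return (host, model, firmware, reachable_services) per affected unit."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_affected(row["model"], row["firmware"]):
            continue
        services = [name for name, port in SERVICE_PORTS.items()
                    if probe(row["host"], port)]
        findings.append((row["host"], row["model"], row["firmware"], services))
    return findings

# Constructed inventory: documentation-range addresses, made-up firmware versions.
SAMPLE = """host,model,firmware
192.0.2.10,OIT500-F113-B12-CB,V2.9.3
192.0.2.11,OIT1500-F113-B12-CB,V2.11.0
192.0.2.12,OIT200-F113-B12-CB,V2.12.0
192.0.2.13,OTHER-SENSOR-X,V1.0.0
"""

if __name__ == "__main__":
    for host, model, fw, services in triage(SAMPLE):
        print(host, model, fw, ", ".join(services) or "Telnet/FTP not reachable from here")
```

Run it from the corporate network side of the segmentation boundary: an affected unit that still lists a reachable service there has not been isolated as recommended.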